\section {Related Work}

\subsection {Traditional Authorization \& Access Control}
There have been several authorization and access control systems suggested
in the literature \cite{blobel2004authorisation,chen2009identity,kluge2004informed,reid2003}.
Most of these systems are based on role-based access control (RBAC)
and do not address patient consent. In RBAC, roles are associated
with (access) privileges, and system users are then assigned roles
based on the nature of their job or functionality.

Although the RBAC approach is quite effective within the confines
of a single organization, it does not scale well when dealing with
dynamic healthcare environments, where entities (such as doctors)
can take on many different roles across many different organizations.
Furthermore, RBAC based security frameworks are not real-time in nature.
There is a considerable lag when it comes to enforcement of updated/new
roles.

Our proposed framework is fundamentally different from the RBAC type
approaches, as in our framework all access decisions are made based
on the available information. Therefore, we can easily accommodate
for the varying user roles and apply any changes to these roles in
real-time.

\cite{5480994} defines a dynamic role-based access control system
with similar properties to our framework (such as a multiagent system
with trust negotiation). However, their approach does not offer the
semantic compatibility that our system provides. The trust establishment
requirements are also not as flexible, requiring trust to be pre-established.
Our approach is far more flexible and secure, since it requires all
agents to negotiate trust on a per request basis.

\subsection{Ontology Based Knowledge Representation \& Healthcare}

Ontologies have been heavily utilized in the area of medical informatics.
However, the main goal of these ontologies has been to define and
represent medical knowledge, and not privacy and security related
concepts (as is the case in our solution).

Binfeng et al. in \cite{4382013} explore building a medical knowledge
base using a medical ontology for coronary heart disease. Their knowledge
base has the interesting property of being able to map concepts back
and forth between traditional Chinese and modern Western medical ontologies.

Cassimatis et al. in \cite{5204059} argue that {}``Systems with
human-level intelligence must both be flexible and be able to reason
in an appropriate time scale. These two goals are in tension, as manifest
by the contrasting properties of structured knowledge-based systems\textquotedblright{}.
They propose an interesting approach (reasoned unification) for representing
and reasoning over linguistic and non-linguistic knowledge, within
the scope of an inference context. Considering that medical information
is a complex combination of various different types of data-sets,
the ideas present in \cite{5204059} have a significant application
potential for healthcare information systems.

Another salient property of healthcare information systems is the
use of many specialized domain specific ontologies by the respective
specialized faculties. Therefore, in order to exchange and reason
with information across all systems, we need the ability to translate
the ontological concepts back and forth. \cite{10.1109/5254.920602}
suggest an ontology learning framework for similar purposes. Their
proposed framework provides an ontology learning environment with
semi-automatic ontology-construction tools.


\subsection{Multiagent Systems \& Structured Knowledge}

Semantic technologies for knowledge representation and processing
seem to be very well suited for multiagent systems \cite{10.1109/AAMAS.2004.10110,5231428,10.1109/5254.920597,springerlink:10.1007/978-3-540-39896-7_11,Williams:2004:LSM:964566.964588,Using_Semantic_web_technology_in_Multi_Agent_systems_a_case_study_in_the_TAGA_Trading_agent_environment}.
This comes as no surprise, considering that the premise of semantic
knowledge representation is to facilitate machine processing of information.

\cite{Using_Semantic_web_technology_in_Multi_Agent_systems_a_case_study_in_the_TAGA_Trading_agent_environment}
enhances the single coordination server limitation of the Trading
Agent Competition (TAC) \cite{wellman2001designing} scenario
to work under the Agentcities \cite{Dale02agentcities:challenges}
distributed agent model. Semantic web languages and tools are used
to define (i)FIPA compliant ontology based agent communication language (ACL) and (ii)the knowledge-base
for the agents to work with. \cite{Using_Semantic_web_technology_in_Multi_Agent_systems_a_case_study_in_the_TAGA_Trading_agent_environment}
found the use of semantic web technologies enhanced the interoperability
between agents in multiagent environments.

\cite{springerlink:10.1007/978-3-540-39896-7_11} presents a very
similar multiagent framework that has the ability to support multiple
ontologies. Furthermore, their solution makes use of FIPA-compliant
JADE agent framework to define semantic web ontology service and an
inference service. These services act as middleware to support agent
management, agent communication, and agent interaction protocols.

\cite{10.1109/AAMAS.2004.10110} proposes a ubiquitous computing system
facilitating context-aware intelligent agents for the purpose of providing
meaningful relevant services to individual participants in a meeting
room setting. Their system is context-aware in order to personalize
the user experience. The multiagent environment utilizes a semantic
representation to describe the context, making it feasible for the
agents to exchange and reason with the information present within
the context.

\cite{10.1109/5254.920597} considers web enabled multiagent environments,
where agents are distributed and provide unique services. The agents
utilize customized ontologies to define and process their services.
The semantic representation makes it possible for multiple agents
to work together. \cite{10.1109/5254.920597} also explore the use
of semantic technologies for agent communication language (ACL), where the
terms used during agent-to-agent communication may originate from
various ontologies.

\cite{Williams:2004:LSM:964566.964588} investigates the impact of
agents using multiple domain specific ontologies in multiagent environments.
They propose an inter-agent semantic concept learning approach to
deal with the proliferation of (domain specific) ontologies. However,
their solution is quite restrictive and requires closed world representation
of information, where all agents are known to each other and have
complete knowledge of all the information contained in the world.

Intelligent multiagent systems have been successfully utilized in
healthcare settings for various applications. \cite{5231428} proposes
an architecture for an intelligent multiagent clinical decision support
system . Although the proposed architecture is not specifically targeted
for privacy and security, there are some fundamental similarities
between the propose architecture in \cite{5231428} and our framework
(such as the use of intelligent agents to augment physician productivity
in a multiagent environment).


\subsection{Trust Management in Multiagent Systems}

There are many definitions of trust when it comes to distributed systems.
\cite{Ramchurn:2004:TMS:1059613.1059614} defines trust in the context
of multiagent systems as - {}``a belief an agent has that the other
party will do what it says it will (being honest and reliable) or
reciprocate (being reciprocative for the common good of both), given
an opportunity to defect to get higher payoffs\textquotedblright{}.

A trust relationship between two agents can be reasoned about and
calculated using trust models capturing reliability and honesty of
agents involved. Furthermore, an agent can define the various levels
of trust it might place with another agent. \cite{Ramchurn:2004:TMS:1059613.1059614}
defines two broad categories of conceptualizing trust: 
\begin{itemize}
\item {}``\textbf{Individual-level trust}, whereby an agent has some beliefs
about the honesty or reciprocative nature of its interaction partners.\textquotedblright{} 
\item {}``\textbf{System-level trust}, whereby the actors in the system
are forced to be trustworthy by the rules of encounter (i.e. protocols
and mechanisms) that regulate the system.\textquotedblright{} 
\end{itemize}
\cite{4609545} recognizes trust as a major issue in the area of multiagent
systems. Their investigation is motivated by the following three questions:
(i)Why does an agent trust another? (ii)How do agents judge or evaluate
the trustworthiness of others? (iii)What does an agent do after obtaining
the trustworthiness of others?

\cite{ecs12593} argues that existing trust and reputation models
cannot be used for dynamic multiagent environments, where agents continuously
join and leave the system. This dynamic behaviour adversely impacts
the overall performance when existing trust models are used. They
propose a new trust and reputation model for multiagent systems, which
utilizes various forms of trust (such as role-based trust, witness
reputation etc.) to produce a comprehensive score corresponding to
an agent's trustworthiness.

\cite{5136661} explores how non-cooperative distributed agents, when
forced into working together, can utilize a trust based model to facilitate
their interactions. Their mechanism focuses on two basic parameters
(i)agent attributes and (ii)reliability values.


\subsection{Electronic Consent}

There are numerous studies dealing with electronic consent. However,
these studies ignore the semantic aspect of information and focus
mainly on security aspects \cite{blobel2004authorisation,chen2009identity,reid2003}.
O'Keefe et al. \cite{okeefe2002implementation} undertake a feasibility
study of electronic consent management systems in the medical arena.
They expose various challenges faced by different consumer groups
of electronic consent management systems. The study provides a sound
set of recommendations for a generic implementation of a patient consent
management system.

Song et al. \cite{song2002patient} introduces the notion of an e-consent
object, encompassing all relevant information concerning patient consent
in the e-consent object. Lack of semantics is the biggest drawback
of this model. The rules of consent are not expressed in any formal
language and therefore are ambiguous at interpretation time.

Win et al. \cite{win2002implementing} describe an interface based
approach through which patient consent can be expressed. The solution
lacks organic growth as it hard codes the information and lacks the
required flexibility for the user.

Pruski et al. \cite{pruski2010} propose e-CRL language designed
with the following two goals in mind (a)facilitate capturing of patient
consent information (b)formalize the expression of patient consent
information. {}``The language has a well defined BNF (Backus Naur
Form) based syntax and semantics defined based on first-order logic
and set theory which allow eHealth systems to fully control the access
to critical health data\textquotedblright{} \cite{pruski2010}.

Although the e-CRL language provides support for semantics, it lacks
some important features, such as proof generation. Furthermore, the
defined language is not compatible with the RDF \cite{rdfsite} based
solutions and approaches, making integration difficult.
